Hash Generator

A cryptographic hash function takes any input (text, file, data) and produces a fixed-length string (the hash or digest) with three key properties: deterministic (same input always gives same hash), one-way (you cannot reverse a hash to get the original input), and avalanche effect (changing even one character completely changes the hash). SHA-256 of "Hello" is 185f8db32921bd46d35b1d6e23c4b1f69d31f94 — completely different from SHA-256 of "hello" (lowercase). Hash functions are used for data integrity verification, password storage, digital signatures, and blockchain.

These algorithms differ in output length and security. MD5: 128-bit (32 hex chars). Fast but cryptographically broken — collision attacks are feasible. Still used for checksums and non-security purposes. SHA-1: 160-bit (40 hex chars). Also broken for collision resistance since 2017 (SHAttered attack). Avoid for security purposes. SHA-256: 256-bit (64 hex chars). Part of SHA-2 family. Currently secure, widely used in TLS certificates, code signing, and Bitcoin. SHA-512: 512-bit (128 hex chars). Larger output, slightly more security margin. Better performance on 64-bit systems. SHA-384: Truncated SHA-512. For security, use SHA-256 or higher.

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to produce a hash that proves both data integrity AND authenticity. Unlike a plain hash (which anyone can compute), an HMAC can only be verified by someone who knows the secret key. Use HMAC when you need to prove that a message came from a specific party: API request signing (AWS, Stripe webhooks use HMAC-SHA256), JWT signatures (HS256 is HMAC-SHA256), cookie integrity checks, and secure message authentication protocols. Enable the HMAC mode checkbox above and enter a secret key. Only SHA-256, SHA-384, and SHA-512 support HMAC via the Web Crypto API.

No. Never use raw SHA-256, SHA-512, or MD5 for password hashing in production. These algorithms are designed to be fast, which makes them vulnerable to brute-force and rainbow table attacks. An attacker with a GPU can compute billions of SHA-256 hashes per second. For password hashing, use purpose-built slow algorithms: bcrypt (most widely used), Argon2 (winner of the Password Hashing Competition, recommended by OWASP), or scrypt. These are intentionally slow and memory-hard, making brute-force infeasible. In Node.js: bcrypt.hash(password, 12). In Python: bcrypt.hashpw(password, bcrypt.gensalt(12)).

Software publishers provide a hash (usually SHA-256) alongside their downloads. To verify: (1) Drop the downloaded file onto this tool. (2) Copy the SHA-256 hash from the results. (3) Paste the publisher's expected hash into the Compare field below. If they match, the file is intact and unmodified. On the command line: sha256sum file.iso (Linux/macOS) or Get-FileHash file.iso -Algorithm SHA256 (PowerShell). This process is called hash verification or checksum verification. It detects corrupted downloads and tampering, but not sophisticated attacks where the hash itself was also replaced — always verify hashes from the official publisher's site, not just the download mirror.

A hash collision occurs when two different inputs produce the same hash output. Since hash outputs are fixed-length but inputs are unbounded, collisions must mathematically exist — the question is whether they can be found efficiently. For MD5, researchers can generate deliberate collisions in seconds. For SHA-1, the SHAttered attack in 2017 produced a practical collision. For SHA-256, no collisions have ever been found and finding one would require more computational work than all computers combined could do in the age of the universe. Collisions matter for digital signatures: if two documents have the same hash, a signature on one is technically valid for the other. This is why browsers no longer accept MD5 or SHA-1 certificates.

A rainbow table is a precomputed lookup table mapping hash values back to their inputs. An attacker computes hashes for millions of common passwords in advance, stores them in the table, and then looks up any new hash instantly. Protection: salting — adding a unique random value to each password before hashing, so two users with the same password get different hashes. A salt defeats rainbow tables because the attacker would need to regenerate the table for every possible salt. Modern password hashing libraries (bcrypt, Argon2) handle salting automatically. This tool generates plain hashes without salts — suitable for file integrity and data verification, not password storage.

The Web Crypto API is a browser-native cryptography interface standardized by the W3C. It provides secure implementations of hash functions, encryption, and key generation without requiring external libraries. This tool uses crypto.subtle.digest('SHA-256', buffer) for SHA-2 family hashes and crypto.subtle.importKey() + crypto.subtle.sign() for HMAC. MD5 is not included in the Web Crypto API (it is cryptographically broken) so MD5 is computed using a pure JavaScript implementation. Benefits of Web Crypto: it runs natively in the browser sandbox, your data never leaves your device, and the implementations are battle-tested by browser vendors (Chrome, Firefox, Safari, Edge).

SHA-3 (Keccak) was selected by NIST in 2012 as an alternative to SHA-2 after an open competition. It uses a completely different internal design (sponge construction vs Merkle-Damgard in SHA-2), which means vulnerabilities in one would not apply to the other. SHA-3 is not "better" than SHA-2 in practice — SHA-256 and SHA-512 remain secure and are significantly faster in software. SHA-3 is a backup option in case weaknesses are discovered in SHA-2. SHA-3 is not yet supported by the Web Crypto API in all browsers, so this tool does not include it. For most purposes, SHA-256 is the recommended choice: it is fast, widely supported, and has an excellent security track record.

Bitcoin uses SHA-256 extensively. Mining involves finding a number (nonce) such that SHA-256(SHA-256(block_header)) starts with a certain number of zero bits — called Proof of Work. The difficulty adjusts to target one new block roughly every 10 minutes. Bitcoin addresses are derived using: public_key → SHA-256 → RIPEMD-160 → Base58Check encoding. Ethereum uses Keccak-256 (a SHA-3 variant). The blockchain's immutability comes from hash chaining: each block includes the hash of the previous block, so changing any historical transaction changes all subsequent hashes, which the network would immediately reject. Merkle trees use SHA-256 to efficiently prove that a transaction is included in a block without downloading the entire block.